IBM BigFix Compliance 


Compliance 
User's Guide 


Version 92 




IBM BigFix Compliance 


Compliance 
User's Guide 


Version 92 



Note 

Before using this information and the product it supports, read the information in|"Notices" on page 49. | 


This edition applies to version 9, release 2, modification level 0 of IBM Endpoint Manager and to all subsequent 
releases and modifications until otherwise indicated in new editions. 


© Copyright IBM Corporation 2012, 2015. 

US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract 
with IBM Corp. 


Contents 


Chapter 1. Introduction 1 

System Requirements 1 

General Usage Concepts 3 

Navigation 3 

Graphical Report View 4 

Configuring a report resource as the default view 5 

Configuring a report resource as the home page . 7 

Using the autosize columns feature 7 

Managing exceptions 9 

Exporting 9 


Chapter 2. Viewing deployment 
compliance status reports 11 


Overview Reports 11 

List Reports 12 

Check Results Reports 13 

Exceptions Reports 14 

Saved Reports 15 

Chart Types 15 

Chapter 3. Management Tasks .... 17 

Computer Groups 17 

Computer Properties 18 

Data Sources 19 

Adding a data source 19 

Deleting a data source 22 

Imports 22 

Roles 23 

Server Settings 24 

Session Settings 24 

Single Sign-on Settings 24 

Users 25 

Configuring multiple computer groups .... 25 

User Provisioning 26 


Exceptions 26 

Account Preferences 27 

Chapter 4. Configuring report 
definitions using REST API 29 

Create a saved report 31 

Update a saved report 32 

Retrieve all saved report items 33 

Retrieve saved reports by report ID 34 

Delete a saved report item by ID 35 

Chapter 5. Disaster Recovery for BigFix 
Compliance 37 

Creating a backup of the application server. ... 37 

Recovering the backup application server .... 37 

Verifying the success of the recovery procedure .. 38 

Appendix A. Example Reports 39 

Checklist List Report 40 

Checklist Overview Report 40 

Checks List Report 41 

Check Overview Report 41 

Computers List Report 42 

Computer Overview Report 42 

Computer Groups List Report 43 

Computer Group Overview Report 43 

Check Results List Report 44 

Vulnerabilities Report 44 

Appendix B. Support 47 

Notices 49 


© Copyright IBM Corp. 2012, 2015 


iii 



IV IBM BigFix Compliance: Compliance User's Guide 



Chapter 1. Introduction 

BigFix Compliance is a component of IBM BigFix Compliance, which includes 
vulnerability detection libraries and technical controls and tools that are based on 
industry practices and standards for endpoint and server security configuration 
(SCM checklists). The vulnerability detection libraries and the technical controls 
enable continuous, automated detection and remediation of security configuration 
issues. 

BigFix Compliance provides report views and tools for managing the vulnerability 
of Security Configuration Management checks. 

BigFix Compliance generates the following reports, which can be filtered, sorted, 
grouped, customized, or exported with the use of any set of BigFix Compliance 
properties: 

• Overviews of Compliance Status, Vulnerabilities, and Flistory 

• Checklists: Compliance Status and Flistory 

• Checks: Compliance Status, Values, and Flistory 

• Vulnerabilities: Rollup Status and Flistory 

• Vulnerability Results: Detailed Status 

• Computers: Compliance Status, Values, Vulnerabilities, and Flistory 

• Computer Groups: Compliance Status, Vulnerabilities, and Flistory 

• Exceptions: Management, Status, and Flistory 

New features 

The following features and enhancements are included in BigFix Compliance 
BigFix Compliance 1 . 7 . 

• Single Sign-On user authentication using SAML 2.0 

• Single Sign-On user authentication using LTPA Token 

• Added REST API Token revocation 

• Update to IBM Java 8.0. F10 

• Update to WebSphere Application server 8.5.5.7 Liberty Profile 


System Requirements 

Set up your deployment according to the system requirements to successfully 
deploy BigFix Compliance. 

Configure your BigFix Compliance deployment according to the following 
requirements: 
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Table 1. Supported components and system requirements to deploy BigFix Compliance 


Components 

Requirements 

Supported browser versions 

• Internet Explorer versions 10.0, 11.0 

• Firefox 31 and later versions 

• Firefox Extended Support Release (ESR) 
versions 31 and 38 

• Google Chrome 35.0 and later versions 

Supported IBM BigFix component versions 

• Console versions 9.0, 9.1, 9.2 

• Web Reports versions 9.0, 9.1, 9.2 

• Windows Client versions 9.0, 9.1, 9.2 

• UNIX Client versions 9.0, 9.1, 9.2 

BigFix Compliance server operating system 
requirements 

• Microsoft Windows Server 2008 

• Microsoft Windows Server 2008 R2 

• Microsoft Windows Server 2012 

• Microsoft Windows 2012 R2 

Note: BigFix Compliance supports operating 
systems with the 64-bit versions only. 

BigFix Compliance database server 
requirements 

• Microsoft SQL Server 2008 

• Microsoft SQL Server 2008 R2 

• Microsoft SQL Server 2012 

• Microsoft SQL Server 2014 

Note: BigFix Compliance supports servers 
with the 64-bit versions only. 

BigFix Compliance server 

You must have Administrator privileges on 
the target BigFix Compliance server. 

BigFix Compliance database 

You must have dbcreator permissions on the 
target BigFix Compliance database server. 

IBM BigFix database user permissions 

IBM BigFix database user permissions 

SCM mastheads and Fixlet sites 

• You might have earlier BigFix Fixlets and 
custom Fixlets for security compliance in 
your deployment. These Fixlets continue 
to function correctly, but only certain 
Fixlets display within the BigFix 
Compliance reports. 

• To view the current list of SCM content 
sites that are supported with BigFix 
Compliance, see the technote What SCM 
content is available for TEM? 

IBM BigFix DB2 database permissions 

You must have data administration authority 
(DATAACCESS) to perform the following 
tasks: 

• Access to create objects 

• Access to data within a IBM BigFix DB2 
database 


Note: Version 1.5.78 is the minimum version required to upgrade to Compliance 
1.7.30. 
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General Usage Concepts 
Navigation 


Using BigFix Compliance, you can navigate and explore security configuration 
check results. Each computer in your deployment evaluates the appropriate 
Security Configuration Management checks that you have activated using the IBM 
BigFix console, and each computer reports a pass, fail, or not applicable status for 
each check. Each computer also reports computer properties and analysis values, 
such as Security Configuration Management check measured values that are active 
in your deployment. 

SCM check results are aggregated by the BigFix Compliance server and augmented 
by computer properties and analysis values to provide compliance overviews and 
detailed lists of results. 

There are four primary navigation mechanisms in BigFix Compliance: 

• Global navigation 

• Linked navigation 

• Sub-navigation (or scoped navigation) 

• Saved Reports navigation 

Global Navigation 

Global Navigation refers to the primary drop-down menus at the top of the BigFix 
Compliance primary dashboard. Click the Reports drop-down menu to navigate 
through the different report types. Users with appropriate permissions also see a 
Management drop-down menu to view and manage the deployment configuration. 

Linked Navigation 

You can use linked text to navigate through report types. For example, click 5 
Computer Groups on the Overview report to display the related Computer Groups 
report. 


b Security and Compliance Analytics Management w Account w Help w 

Overview 


(Base Report) 



% Compliant 


Save As... Schedule... O PDF 


(all data) a Configure View... 


Compliance History 


Computers by Compliance Quartile 



25-49% 50 74% 75-99% 

Overall Compliance 


4 Computer Groups including 
Computer Group I, Computer Group 2, 
Geographic Area, and Organizational Unit 


Check Results His 

20.000 
10.000 
0 


04/18/2012 05:00 PM 


• 10 Checklists it 
AIX 6.1, ITGIXC 
and DoD CVSS f« 

04 / 28/2012 
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Sub-navigation 


You can also explore reports within a given scope from the sub-navigation menu. 

To view all checks, all computers, or all exceptions appropriate for a given 
checklist, click the Overview drop-down menu that is located on the upper-right side 
of any overview report. The List Viezv of reports will not show the Overviezv 
dropdown. 


b Security and Compliance Analytics 

Management ’ r Account ▼ Help ▼ 1 

Computer Group: Organizational Unit 


Overview jJ 

(Base Report) w Save As... Schedule... Q PDF 

(all d; 

„ . V 

Overview 

93 ^ 

S w J % Compliant 

Computers 

Checklists 

Compliance History Computers by Compliance Quartile 

Check 

Checks 

Results History 


Saved Reports navigation 

When you save a report view, it is available as a link on the Saved Reports list as 
well as from the Saved Reports menu on the left side of the report. Selecting a 
saved report from the menu regenerates the report view using the settings 
originally saved with the report. Click Saved Reports from the Reports dropdown 
menu, or click Save As from within any report to save the current view preferences. 



ISO OVAL for AIX 6. 1 
ITGI XCCDF for MacOS 10.6.2 




92 % 

90 % 


200 Checks 
13 Computers 


i. 


200 Checks 
20 Computers 


Graphical Report View 

You can view a variety of graphical charts that display different aspects of the 
security data in your deployment. You can select the columns to be displayed, 
change column arrangement, and filter data. 



ISO OVAL for AIX 6.1 
ITGI XCCDF for MacOS 10.6.2 
DoD CVSS for SLES 10 



92 % 

90 % 

91 % 


3.229 


200 Checks 
13 Computers 

200 Checks 
20 Computers 

200 Checks 
20 Computers 
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Configuring a report resource as the default view 

Set default views for report resources to reduce steps that are needed to access 
reports when you are loading resources. 

About this task 

Use the Set as default option to configure a specific report as the default view 
when you are loading any report. The option reduces the steps that are needed to 
access reports when you are loading resources, including the following resources. 

• Overview 

• Detailed report views 

• Grid report views for checklists, vulnerabilities, exceptions, computers, and 
computer groups 

Users can set the default view based on their credentials: 

• Standard users can configure reports to have private or default view settings. 

• Administrators can configure reports to have private, default, or global default 
view settings. 

You can set a report to have the following settings: 

Private 

This option makes the report private. 

Set as default 

This option saves the report as the default view for the user of that specific 
report page. 

Set as global default 

This option saves the report as the global view for all users of that specific 
report who do not have it set as their default report page. 

Only administrators can save reports to have a global default view. 
However, when a standard user already set a report as the default, the 
administrator cannot overwrite that default report view. 

Procedure 

1 . Go to Reports > Saved Reports and select the report that is to be saved as the 
default report view. 
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2. From the Edit Report panel, configure the report to be viewed with any of the 
following options. 

• Private 

• Set as default 

• Set as global default 



3. Click Create. 
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b saved Reports 



Reports ▼ 

Management ▼ 

Account ▼ Help ▼ 

18 rows 







Name 

User Name 

Private 

Default report Global default report 

Next Scheduled Export 

Computers (Default) 

bigfix 

No 

No 

No 


<no data> 

Computer (Filtered) 

bigfix 

No 

No 

No 


<no data> 

Computer (Filtered 2) 

bigfix 

No 

No 

No 


<no data> 

Computer Group (Default) 

bigfix 

No 

No 

No 


<no data> 

Computer Group Overview (North A... 

bigfix 

Yes 

No 

No 


<no data> 

Checklist Save Report (Global Defa... 

bigfix 

Yes 

Yes 

No 


<no data> 

Overview 1 

bigfix 

No 




<no data> 


Configuring a report resource as the home page 

Set any page or report resource, including saved reports, as the home page. 


Procedure 

1 . Go to the page you want to set as the home page. 

2. From the upper right corner, select the Account menu and click Set as home 
page. When a page is currently set as the home page, the option is disabled. 


b Saved Reports 




Management » Account » 

Help ▼ 

20 rows 




JJP bigfix 


Name 

- User Name 

Private 

Default report 

I™'-™ 



Check (Add Column view) 

bigfix 

No 

No 

NO 


' 

Check (Default) 

bigfix 

No 

No 

i 




Check (Filtered) 

Checklist (Default) 

Checklist (filtered) 

Checklist (show all columns) 

Checklist Save Report (Global Default) 
Checks (Global default) 


o data> 
o data> 


Results 

Your next log in will open to the page you selected. 

Using the autosize columns feature 

Columns in BigFix Compliance reports are set by default to automatically resize to 
fit a grid window. 

About this task 

When the report you are using has several columns, you can use the Autosize 
Columns feature to view several columns without compressing the column views. 
You can also scroll horizontally across the visible report grid window. You can also 
set the autosize feature when you are creating a saved report. Creating a saved 
report with Autosize Columns disabled will retain all column widths even if the 
column widths exceed or are less than the visible grid area. 

This feature is enabled by default. 
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Procedure 

1 . From an open report that uses columns, click Configure View.... 


l> SECURITY AND COMPLIANCE ANALYTICS 



Management 

▼ Account ▼ Help ▼ 

Check Results 

• (Base Report) 

▼ Save As... Schedule... 

D CSV Q PDF 


1236388 row 

« (all data) 

Checklist 

Check Name 

Computer Name 

Last Seen 

Compliance 

02/04/2012 

06/14/2014 

SCM Checklist for FDCC on Wi. 

Messenger Service Disabled 

DAM ASH II 

2 years ago 


* 


Not Applicable t=i 

SCM Checklist for FDCC on Wi_ 

. Enforce Password History 

DAM ASH II 

2 years ago 


Not Applicable 

SCM Checklist for FDCC on Wi... 

Microsoft network server: Amount of idletim„. 

DAMASHII 

2 years ago 


Not Applicable 

SCM Checklist for FDCC on Wi_ 

. RPC Endpoint Mapper Client Authentication 

DAM ASH II 

2 years ago 


Not Applicable 

SCM Checklist for FDCC on Wi.. 

Prohibit use of Internet Connection Firewall... 

DAMASHII 

2 years ago 


Not Applicable 

SCM Checklist for FDCC on Wi_. 

. Turn Off Event Views "Events.asp" Links 

DAMASHII 

2 years ago 


Not Applicable 

SCM Checklist for FDCC on Wi.. 

. FTP Publishing Service Disabled 

DAMASHII 

2 years ago 


Not Applicable 


2. From the Configure View windows, you can either select or clear the Autosize 
Columns checkbox. 


Configure View 

Options 






Columns 



Check 



G0 Checklist 

□ CCES 


0 Check Name 

□ CPES 


EH Category 

B DISA Release Information 


B Source 

B DISA Group ID 


B Source ID 

□ disacci id 


B Source Release Date 

□ DISA Check ID 


B Source Severity 

B DISA Severity 


□ XCCDF Profile ID 

□ DISA Fix Ref. 


□ xCCDF Rule ID 

□ DISA Fix ID 


□ XCCDF Rule Weight 

B Release Date 


□ XCCDF Benchmark ID 

B Policy Author 


EH Supported Platform Versions 

B Policy Title 

LJ 

B DISA Group Title 

B Policy Version 


B DISA IA Controls 

B Policy Release Date 


□ DISA Rule ID 

B Policy Control Number 


B DISA Responsibility 

B Risk Level 


□ DISAVulid (STIG-ID) 

□ cVE 


B DISA Documentable 

□ sans 


B XCCDF Benchmark Status 

B Description 


B XCCDF Benchmark Version 

B Desired Values 


B OVAL Definitions 



Computer 



0 Computer Name 

B IP Address 

- 


Cancel 



3. Click Submit. 
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Managing exceptions 


You can set exceptions to exclude data from your compliance reports. From the 
Management drop-down menu, click Exceptions. 


b Security and Compliance Analytics 


Reports w 


Management 


Checklists 

(Base Report) 

- 

Save As... 

Schedule... 

0 CSV Q PDF 


Name 




Compliance 

04/06/20 1 2 

05/07/2012 


General 

Computer Groups 
Computer Properties 
Datasources 


ISO OVAL for AIX 6.1 



ITGI XCCDF for MacOS 10.6.2 
DoD CVSS for SLES 10 



Exporting 

You can export the data view of most report views to a .CSV or .PDF formatted file 
on your local computer. Click the .CSV or .PDF links on the top bar of the console. 


b Security and Compliance Analytics 

Repor^^^^ 

Checklists 


(Base Report) 

Save As... Schedule.. | 

O CSV O PDF 

Name 

Complianc^^^^^ 

0406<U?2 - 0S/07/20I2 
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Chapter 2. Viewing deployment compliance status reports 

You can view the compliance status in your deployment from any of the four 
report types. 

BigFix Compliance reports display graphical and tabular views of different aspects 
of your deployment compliance status. 

There are four main report types available, each of which displays a different, 
configurable view of the current and historical compliance status of the 
deployment. All users with accounts on the system can see all report types, but the 
data visible to each user depends on the computers to which they have been 
granted visibility. 

For a graphical representation of each report type, see Example Reports in the 
Appendix. 


Overview Reports 

The following graphical reports are available from the primary Overview window 
in the SCA dashboard: 

Deployment Overview 

Shows deployment information (such as quantity of computers and 
quantity of checks) and overall, historical aggregate compliance for all 
checks on all computers visible to logged-in users. 

Checklist Overview 

Shows information about a single checklist (such as quantity of checks in 
the checklist) and overall, historical aggregate compliance for the checklist 
as applied to all computers visible to logged in users. 

Computer Overview 

Shows information about a single computer (such as number of checks 
evaluated on the computer) and overall, historical aggregate compliance of 
all checks evaluated by the computer. 

Computer Group Overview 

Shows information about a computer group (such as number of 
children/sub-groups and number of member computers) and overall, 
historical aggregate compliance of the group. 

Check Overview 

Shows information about a single check (such as check source and check 
description) and overall, historical aggregate compliance of the check as 
evaluated by all computers visible to logged in users. 

Vulnerability Overview 

Shows information about a single vulnerability check (such as vulnerability 
properties, CVSS score metrics, and vulnerability description) and overall, 
historical aggregate compliance for the vulnerability evaluated by all 
computers visible to logged in users. 
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List Reports 


Click Reports to find the following reports: 

Checklist List 

Shows the list of checklists in the deployment together with attributes of 
each checklist and the overall, historical aggregate compliance results of all 
checks on all visible computers for each checklist. 

Checks List 

Shows the list of checks in the given scope together with attributes of each 
check and the overall, historical aggregate compliance results (the 
aggregate of all visible computer's pass and fail score) of each check. 

Computers List 

Shows the list of all computers in the given scope visible to the logged-in 
user together with attributes of each computer and the overall, historical 
aggregate compliance results of all checks evaluated on the computer. 

Computer Groups List 

Shows the list of all computer groups in the given scope visible to the 
logged-in user together with attributes of each group and the overall, 
historical aggregate compliance results of all checks on all computers in 
each group. 

Vulnerabilities List 

Shows the list of vulnerability checks in the given scope visible to the 
logged-in user together with attributes of each computer and the overall, 
historical aggregate vulnerability results of all vulnerability checks 
evaluated on the computer. 

The following annotated screen captures provide a summary of the functions of 
each report type. 
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Overview Reports 



Compliance History: represents 
aggregate check results (pass/fail) across 
all computers within current scope. 
Excepted computers are counted as 
passing. 

Computers by Compliance Quartile: 

represents computers grouped by 
computer compliance. 

Deployment information: represents 
quantities of key components in the 
system. 

Check Results History: represents 
aggregate check results (pass/fail) across 
all computers within current scope, 
grouped by check result status. 


Overview Report types: Deployment Overview, Checklist Overview, Computer Overview, Computer Group 
Overview, Check Overview 


List Reports 


b Security and Compliance Analytics*,*, 

Checklists 


Neme 



ISO OVAL for AIX 6.1 

„ r"' 87. 

2 Computer! 

!T6i XCCDf for MacQS IP.6,2 

^ * 100. 

HWHH * Check! 

6 Computer! 

DoD CVSS for SltS 10 

100. 

* Check! 

1 Computeri 

mrncfaim».i m rM« 

100. 

< Checks 
i Computers 

NIST SCAPfy HP-UX 1U3 

100. 

B 3 Computers 

ISQSQX for Ubuntu 8,04 

^ ^ 100 

* Checks 

* Computers 

CIS OVAL fa Ubuntu 6,06 

0. 

<none eooi,cM>'e> ‘Checks 

0 Computet! 

DoD CVSS for Solans 9 

r* ’ ioo. 

* Check! 

1 Computer! 

ISAP PC! far Windows Strvtr 2008 P.2 

, — 100 

J Computet! 


100. 

< Checks 
; Computers 


' Name: lists each item represented for the 
list type. 

Compliance: represents history of 
aggregate results (pass/fail) across all 
computers within current scope. Excepted 
computers are counted as passing. 

Results: represents aggregate check 
results (pass/fail) across all appropriate 
computers within current scope, grouped 
by check result status. 


List Report types: Checklists list, Checks list, Computers list, Computer Groups list 


Check Results Reports 

This report shows the list of all checks and computers, attributes of each computer 
and check, and the historical compliance result for each check on each computer. 
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Exceptions Reports 


The Exceptions Report shows the list and status of exceptions in the given scope 
applied to each computer visible to the logged-in user, together with attributes of 
each check, each computer, and each exception. 


Check Results Report 



Descriptive columns: Each row 
represents a single check on a single 
computer. Columns show information 
about each computer-check pair. 
Columns are managed using the 
“Configure View...” option. 

Compliance: pass/fail status for each 
computer-check pair. Hash marks are 
scaled within the displayed time range. 


Exceptions Report 


0 SECURITY AND COMPLIANCE ANALYTICS*., fjJJHD 

Exception Results 



Descriptive columns: Each row 
represents a single check on a single 
computer as specified by an exception. 
Columns show information about each 
computer-check pair. Columns are 
managed using the “Configure View...” 
option. 

Exception information: detailed 
information about the exception. 


To customize the settings of each report, such as filtering the view or adding 
additional columns, click Configure View to create custom settings. 


bl Security and Compliance Analytics^. 

Management * Account » 

Overview 

| (Base Report) * Save As... 

0 Configure View 


You can set parameters for how your data is displayed in reports in Configure View. 


Configure View 


X 

Time Range 
§§aii 



© Last 1 3 | | days 

_0 


© | 01/01/2011 

to 1 02/11/2011 


• •••••• 

• ••••••••••••••••••••••••••••••••a 


01/04/2011 

01/11/2011 01/18/2011 01/25/2011 02/01/2011 02XJ8/2011 


Submit 

A 
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Saved Reports 


The Saved Reports feature retains a specific report format (including the displayed 
columns and filters you used to customize the view) for future use, without 
creating the same settings each time. When you save a report, it becomes available 
in the Saved Reports list report and visible in the drop-down box on the left side 
of the sub-navigation area when viewing that report type. 


b Security and Compliance Analytics 


Overview 


Reports 


Saved Reports 


(Base Report) 


Save As.. 


91 


% Compliant 


Compliance History 


100 * 



Com 


40 

e 

s 

a. 20 




Security and Compliance 
Overview 
Checklists 
Checks 
Vulnerabilities 
Computers 
Computer Groups 
Check Results 
Exception Results 
Vulnerability Results 
Last Import at 02/24/2012 03:45 PM 

Overall Compliance 


Chart Types 


BigFix Compliance displays summaries of compliance data through the following 
chart types: 

Compliance Overview 

Displays compliance history over time as an overall percentage. 

Computers by Compliance Quartile 

Bar chart that provides compliance data by quartile. 

Compliance History Detail Chart 

Win loss chart that displays compliance history over time. 

Check Results History 

Total number of check results over time. 

Not applicable 

A check that does not apply to a given computer. 

Noncompliant 

A check that is noncompliant on a given computer. 

Excepted - (NC) 

A check that is noncompliant on a given computer, but that has been 
excepted through a manually-created exception. 

Excepted - (C) 

A check that is compliant on a given computer, but that has been excepted 
through a manually-created exception. 
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Compliant 

A check that complies with the checklist desired values. 

Vulnerability History Detail Chart 

Win loss chart that displays vulnerability history over time. 


Overview 


(Base Report) w Sa*eAs._ (all cUU) a Configure View 



% Compliant 


Compliance History 


Computers by Compliance Quartile 


Check Results History 



02/04/1013 02/11/2012 02/10/2012 


l* 


II 

I 



■ 25 Not Apptcabte 

■ 8Non-Co~p*»M 

■ 0 Excoptw] (NC) 
| 8 bopud (C) 
| 77 Compfant 


4 Computer Groups including 

s ■ Computer Group I. Computer Group 2, 

Geographic Area, and Organizational Unit 

02.0*2012 02/11/2012 02/1*2012 


02/0*2012 02/11/2012 02/1*2012 


5 Checklists including ISO OVAL for 
AIX 6.1. ITGI XCCDF for MacOS 10.6.2. 
and DoD CVSS for SLES 10 


40 « 40 Computers with OSs including 

» MacOS 1 0.6.3. SLES 1 0. SLES 1 1 . SLES 9, 

0 Windows 2000. and HP-UX 1 1 .22 

024*2012 02/11/2012 02/1*3012 


11/2012 02/1*2012 


10 Checks In categories including 
Application Security, File Permission 
Settings. Domain Profile, and Core Policy 



Avg. Vulnerable per Computer 


Vulnerability History 

40 

9 Vulnerability Results 
32 Computers subscribed to a vulnerability site 


024*2012 02/11/2012 02/1*2012 
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Chapter 3. Management Tasks 

The Management Tasks function within BigFix Compliance gives you control over 
various aspects of your compliance deployment. From the Management drop-down 
list, users with appropriate permissions can manage computer groups, computer 
properties, datasources, directories, imports, mail settings, roles, server settings, 
session settings, users, user provisioning, and exceptions. 


Security and Compliance Analytics 


(Base Report) 


Save As... Schedule... O PDF 


58 


% Compliant 


Compliance History 


07/01/2012 01/01/2013 


Computers by Compliance Quartile 

10 

° 0-24% 25-49% 50-74% 75-99% 100% 

Overall Compliance 



Click Management to select any of the following tasks 

• General 

- Computer Groups 

- Computer Properties 

- Datasources 

- Directories 

- Imports 

- Mail Settings 

- Roles 

- Server Settings 

- Session Settings 

- Single Sign-on Settings 

- Users 

- User Provisioning 

• Compliance 

- Exceptions 


Computer Groups 

BigFix Compliance computer groups help you organize the compliance data that 
displays in your reports. Specifically, you can filter data to limit what you want to 
see displayed in your overviews and lists. 
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All users need to be assigned to a computer group in order to log in to BigFix 
Compliance. Logged-in users can see compliance data based on their associated 
computer group. 

To create a computer group, click the Management drop-down menu at the top of 
the console and select Computer Groups. Click New. Use the dropdown menu to 
assign your group to a parent. Use the Definition field to assign parameters to 
your group. 

When finished, click Create. 


b Tivoli Endpoint Manager Analytics: Management Reports ^ 


Computer Groups 


Computer Properties 
Datasources 
Imports 
Mail Settings 
Roles 

Server Settings 
Users 


Security and Compliance 


Exceptions 


+ New 


Computer Group I 
Computer Group 2 
: Geographic Area 
Organizational Unit 


Executive Management 
Facilities 

Human Resources 
Marketing 
Research And Developmen 
Sales 


Create Computer Group 
Parent 

Organizational Unit 


a 


Description 


Include computers which match all |~^j of the following conditions: 


- equals 


M 


Note: You must perform an import after saving your changes. 


You can set the User s account to configure multiple computer groups. To c onfigure 


multiple groups, see "Configuring multiple computer groups" on page 25. 


Computer Properties 

You can create computer properties from the BigFix Compliance datasources 
available for reporting and filtering within the Compliance interface. You can use 
the default properties in your console, or click New to create new properties. These 
computer properties become the display columns in the computers and results list 
view for your reports. 
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General 

+ New 5 rows 

Computer Groups 


Name 


Computer Properties 


OS 


Datasources 

DNS Name 


Imports 

Computer Name 


IP Address 


Roles 


Active Diectory Path 





Note: You must perform an import after saving your changes. 


Data Sources 


Using datasources, you can view information about the IBM BigFix Compliance 
database from which your BigFix Compliance compliance data is based. You can 
also view information about the Web Reports database that is the source of some 
or all of your BigFix Compliance users. The Web Reports connection provides a 
single-sign-on capability for users between Web Reports and BigFix Compliance. 
You cannot edit these settings after the initial setup but you can add the Web 
Reports database information if you originally skipped this step. 


General 


Computer Groups 
Computer Properties 


row 


Host 

192 . 168 . 106.12 


Datasources 


Imports 
Mail Settings 


Edit Datasource 
Primary Database 
Host* 


Roles 

Server Settings 
Users 

Security and Compliance 


192 . 168 . 106.12 

Database Name* 
fake_bes_mac 

Authentication 

0 Windows Authentication 
(Qm SQL Server 
Authentication 


Exceptions 


Username 


sa 


Password 


Database Name Username 

fake_bes_mac sa 


Save 


Web Reports Database (optional) 
Host* 

192.168.106.12 

Database Name* 
fake_wr_mac 

Authentication 

Windows Authentication 
(O) SQLServer 
Authentication 
Username 
sa 

Password 


Adding a data source 

Add a data source to view information about the database on which your 
compliance data is based. 
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Before you begin 


When you are adding a data source: 

• Do not add a datasource that is a DSA copy of an existing datasource to avoid 
the display of duplicate data. 

• If you restrict user access based on computer groups, you might have to create 
new computer groups or modify existing ones to ensure correct access 
restrictions for the new datasource. 

• If you added new computer properties, ensure that you provide mappings to 
those properties in the new datasource. 

• In BigFix Compliance, if you have exceptions that are based on computer 
groups, ensure that those exceptions and groups are set up correctly for the new 
datasource. 

• In Software Usage Analysis (SUA), if you have contracts that are based on 
computer groups, ensure that those contracts and groups are set up correctly for 
the new datasource. 

• You must run an import after you add a datasource before computers from that 
datasource are available in reports. 

• When you are running an import, all datasources must be online and reachable 
or the import fails. This ensures that reports do not show incomplete data or 
misleading inventory or compliance aggregates. 

• Regarding Report data, a user with restricted access by computer group sees 
only the results or computer report data for their assigned computer group. 
Examples of results or computer report data are Computers, Computer Groups, 
Check Results, Exception Results, and Vulnerability Results. 

All users still see all Checklists, Checks, and Vulnerabilities from all datasources, 
regardless of Computer Group restrictions. Multi-tenancy supports segmentation 
of computer data based on computer groups and a user's computer group 
membership. It does not support segmentation of checklists, checks, and 
venerability checks themselves or of a SUA software catalog. 

You must deploy multiple TEMA servers for the following cases: 

- If you are not able to see the existence of checklists that are created for other 
customers 

- You have to apply different software catalogs for different customers. 

Procedure 

1 . In the upper right corner, click Management > Data sources. 

2. In the upper left corner of the horizontal navigation bar, click New. A new 
form opens in the lower pane. 

3. Provide the unique name for the new data source. 

4. Select the database type from the Database Type drop-down list. 


Option 

Description 

Database Type 

Steps 

DB2 

1 . Specify the host, port, and database 
name. 

2. For server authentication, specify a user 
name and password. 
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Option 

Description 

SQL Server 

1 . Specify the host and database name. 

2. Select the authentication type. 

3. For SQL server authentication, specify a 
user name and password. 


flOO 

I 0 [G damashii fmai 


Tivoli Endpoint Manager Analytics: Management: Datasources 


CP IH: Apple Yahoo! Coogle Maps YouTube Wikipedia News T 




b Management: Datasources 


General 

+ New ffi Delete 3 rows 

Computer Groups 

Computer Properties 

Name Database Type 

Host Database Name 

Username 

Example MSSQL Dataso... SQLServer 
Example MSSQL Dataso... SQLServer 

blackcopper.qabigfix.com BFEnterprise 
xiacoci.qabigfix.com BFEnterprise 

sa 

Datasources 

sa 

Directory Servers 

Example DB2 Datasource 1 DB2 

10.3. 1165 BFENT 

db2instl 

Imports 

Edit Datasource 
Name* 



Mail Settings 



Roles 

Example DB2 Datasourc 



Server Settings 

Primary Database 
Database Type* 

i Da; :) 

Web Reports Database 
Database Type* 

(DB2 S) 


Session Settings 


Users 

Host* 

Host* 



10.3.12.65 

10.3.12.65 


User Provisioning 

Port* 

Port* 


Security and Compliance 

50000 

50000 


Exceptions 

Database Name* 

Database Name* 



BFENT 

BESREPOR 



Authentication 

Authentication 



Username 

Username 



db2instl 

db2instl 



Password 

Password 



........ 
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Tivoli Endpoint Manager Analytics: Management: Datasources 


I < i ► l laTo damashii 


CP ill! Apple Yahoo! Coogle Maps YouTube Wikipedia News T Popular T 


-% 


b Management: Datasources 


General 

Computer Groups 
Computer Properties 


Directory Servers 
Imports 
Mail Settings 
Roles 

Server Settings 
Session Settings 
Users 

User Provisioning 

Security and Compliance 

Exceptions 


f New 


ffi Delete 3 rows 


Name Database Type 

Example DB2 Datasource I DB2 
Example MSSQL Datasource I SQL Server 
Example MSSQL Datasource 2 SQL Server 


Edit Datasource 
Name* 

Example MSSQL Datasoi 

Primary Database 
Database Type* 

f SQLServer! 

Host* 

blackcopper.qabigfix.con 
Database Name* 

BFEnterprise 

Authentication 

0 Windows Authentication 
0SQL Server Authentication 
Username 


Password 

........ 


. Host 

10.3.1165 

blackcopper.qabigfix.com 

xiacoci.qabigfbc.com 


Database Name Username 

BFENT db2instl 

BFEnterprise sa 

BFEnterprise sa 


Web Reports Database 
Database Type* 
SQLServer i 
Host* 


Database Name* 


Authentication 

0 Windows Authentication 
i ~)SQL Server Authentication 


5. Click Create. 

Deleting a data source 

Procedure 

1 . In the upper right corner, click Management > Data sources. 

2. In the upper pane, click the data source that you want to delete 

3. In the upper left corner of the navigation bar, click Delete. 

Results 

You deleted all the data for computers that belong to this data source. 


Imports 


Use the Imports interface to schedule a recurring import, disable recurring imports, 
start a manual import, view current import status, and view logs of previous 
imports. 

Run an immediate import by clicking Import Now. To schedule a recurring import, 
first check the import box at the top of the window and set the desired daily start 
time. Then click Save to confirm the change. 
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General 

Computer Groups 
Computer Properties 
Datasources 
Imports 
Mail Settings 
Roles 

Server Settings 
Users 

Security and Compliance 

Exceptions 


Import Settings 

@ Import daily ajl^OO PM j g (UTC -0700) 

Save Import Now 


Import History 


Start Time 

Username 

Duration 

Start Time: Fri Jun 08 19:00:09 UTC 2012 

> 

06/08/2012 12:00 PM 

Scheduled 

0:04:52 

* Status: Successful 





Duration: 0:04:52 


06/07/20 1 2 12:00 PM 

Scheduled 

0:04:41 



06/06/2012 12:00 PM 

Scheduled 

0:04:45 

Import Log: 

r Logfile created on Fri 3un 06 19:00:09 

= 

06/05/20 1 2 12:00 PM 

Scheduled 

0:04:59 

+0000 2012 by logger, rfc/l. 2.6 
2012-06-06 19:00:09 (+0:00:00.000) INFO: 


06/04/2012 12:00 PM 

Scheduled 

0:04:50 


TEHA version: 1.3.21 

06/03/20 1 2 12:00 PM 

Scheduled 

0:04:22 

2012-06-06 19:00:10 (+0:00:00.344) INFO: 
Starting inport tasks 

J 

06/02/2012 12:00 PM 

Scheduled 

0:04:42 

2012-06-06 19:00:10 (+0:00:00.000) INFO: 
calling Model. before_snapshot 


06/01/2012 12:00 PM 

Scheduled 

0:04:57 

2012-06-06 19:00:12 (+0:00:02.844) INFO: 
initialize datasource Datasources Success 


05/31/2012 12:00 PM 

Scheduled 

0:05:50 

= 2012-06-06 19:00:12 (+0:00:00.015) INFO: 

ETL from Datasource - Datasourceuser 


05/30/2012 04:01 PM 

bigfix 

0:05:42 

(OX00000000001699E9 - 



Roles 


Use the Roles interface to assign new roles to users or edit existing roles. In this 
version of BigFix Compliance, the assignable permissions include Edit Computer 
Groups, Edit Exceptions, and Run Imports. 

Use the buttons on the top bar to create new roles or delete existing roles. 


b Tivoli Endpoint Managef Reports + i 

j Management + 


- E 



General 


Computer Groups 
Computer Properties 
Datasources 
Imports 
Mail Settings 


Roles 


Server Settings 
Users 

Security and Compliance 

Exceptions 


+ New up Delete 3 rows 

Name Permissions 

Administrators Edit Computer Groups. Edit Exceptions. Manage Imports. Edit.. 

BIGFIX Edit Computer Groups 

Test Edit Computer Groups. Manage Imports 

Edit Role 

Name* 


Administrators 


Permissions Edit Computer Groups 

[7] Edit Exceptions 
[ I Manage Imports 

Edit Computer Properties 
[71 Edit Datasources 
[7] Edit Roles 
[7 Edit Users 

Edit Server Configuration 

Save 
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Server Settings 

Use the Server Settings interface to configure the HTTP port, SSL, and enable or 
disable data retention. Any changes to the port or SSL settings require a service 
restart. 


Computer Groups 
Computer Properties 
Datasources 
Imports 
Mail Settings 
Roles 


Server Settings 
Port* 


80 


Use SSL 

Data Retention 

J Discard data older than 
Days to keep 365 

Save 




Server Settings 


Session Settings 

You can change your session settings to specify the session time for a logged in 
user who is inactive for a certain period and to custom the message on the login 
page using Markdown text. The default session time out is set to 1 hour. To make 
changes in your session setting, go to Management > Session Settings. Make your 
changes to the session time out and the message then click Save. 


Single Sign-on Settings 

Configure your single sign-on settings in this section. 

You can set your user authentication settings for the Security Assertion Markup 
Language Single Sign-on (SAML SSO) and Lightweight Third Party Authentication 
(LTPA). 

For more information about configuring SAML SSO and LTPA authentication, see 
the BigFix Compliance Setup Guide. 
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Users 


From the Users interface, you can create and edit users, assign roles, and assign a 
set of computer groups to which a user has access. Administrators can edit user 
passwords, email addresses, and contact information. 


b Tivoli Endpoint Manager Analytic 


Account 

Help w 

General 

+ New 









Computer Groups 






Username 

Roles 

Authentication Method 

Computer Group 


Computer Properties 


bigfix 

Administrators 

Password 

All Computers 


Datasources 

en 

Administrators 

Password 

All Computers 


Imports 

fr 

Administrators 

Password 

All Computers 


Mail Settings 

de 

es 

Administrators 

Administrators 

Password 

Password 

All Computers 
All Computers 


Roles 

it 

Administrators 

Password 

All Computers 


Server Settings 

P* 

ko 

Administrators 

Administrators 

Password 

Password 

All Computers 
All Computers 


1 z 1 



Users 


Configuring multiple computer groups 

Before you begin 

You must have Administrator privileges or use the Manage Computers Group role 
to configure user accounts to include multiple computer groups. 

About this task 

This feature enables non-Administrator users to view ranges for computer group 
compliance data by granting the user access to multiple computer group during 
user creation or user account updates. 

Procedure 

1 . Log in to BigFix Compliance as an Administrator or using the Manage 
Computer Groups role. 

2. From the navigation menu, click Management. Select User from the dropdown 
menu. 

3. From the Managers: Users window, create a new user. 

a. Enter the details for the following fields: 

b. From the Computer Groups drop-down menu, select the computer groups 
that the new user will be associated with. 

c. Enter then confirm a password. 

d. Enter the email address. 

4. From the top navigation menu, click Reports. Click Import Now. 

What to do next 

To confirm if the multiple group was configured correctly, login to the new user 
account that has more than one computer group associated with it. 
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User Provisioning 

Use the User provisioning feature to authenticate users within LDAP groups 
without creating users individually. See the BigFix Compliance Setup Guide to 
learn more about user provisioning and LDAP. 


Exceptions 


You can use the Exceptions menu to create and edit exceptions for checks, 
computers, computer groups, and checklists with or without an expiration date. 
You can also view a list of existing and active exceptions. To edit an exception, 
click an exception name in the list, and the Edit Exception and Exception History 
menus display. 


Server Settings Reason Checklist / Checks Group /Computers 

Expiration Date Last edit by 

Status 

Users DISAStigXP Checklist DISA STIG on Windows... 1 computer 

Never exceptions 

Active 

Security and Compliance 

Win 7 Checklist DISA STIG on Windows... 1 computer 

No passwords needed on Vista 2 checks 1 computer 

Never bigfix 

Never bigfix 

Active 

Active 

Exceptions 



Edit Exception 

Reason* 

Affected Checks 


Affected Computers 

Target Group 
Expires 


Exception History 


Enter a reason for this exception 


O All checks in checklist 
0 Selected checks 


DISA STIG Checklist for AIX 5. 1 


O All computers in group 
(£ Selected computers 


I Computers [j 


O Never 
Save 


0 


Action 

Action date 

Reason 

Checklist /Ch... 

Group /Comp... 

Expiration Date 

Last edit by 

Create 

05/17/201201:47.. 

add exception 

1 check 

Group: All Com... 

Never 

bigfix 

Edit 

05/18/2012 03:46... 

change to see his.. 

. 1 check 

Group: All Com... 

Never 

tw 
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Account Preferences 


Use the Account Preferences interface to change passwords, contact information, or 
API tokens. Click the Account drop-down menu from the top of the window. 


b Tivoli Endpoint Manager Analytics Reports ^ Management ^ Help ^ 


Edit User 
Username 

bigfix 

bigfix 

Preferences 

Logout 

Language 

Browser Default - English 

Roles 

Computer Group 
Password 
API Token 

Administrators 
All Computers 
Change 

Show token Regenerate 


Email Address 


Contact Info 
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Chapter 4. Configuring report definitions using REST API 


Administrators can use REST API to create, update, and delete saved report view 
definitions across BigFix Compliance instances. 

Overview of REST API report definitions 


The operations of the BigFix Compliance REST API protocol are defined as HTTP 
methods on certain REST resources. 

Table 2. Target REST Operations 


Target REST operation URI 

HTTP methods 

Purpose of the operation 

api /reports 

POST 

Create a saved report item. 

api /reports 

PUT 

Update a saved report item 
by ID. 

api /reports 

GET 

Retrieve all saved report 
items. 

/api/reports/<id> 

GET 

Retrieve a saved report item 
by ID. 

api /reports 

DELETE 

Delete a saved report item 
by ID. 


Path parameters 

The path parameter specifies the report name that is used when configuring the 
report definitions. 

Table 3. Path parameters of Security Compliance and Analytics reports 


Report name 

Path parameter 

Overview 

/son 

Checklists 

/scm/checkl ists 

Checks 

/scm/checks 

Vulnerabilities 

/scm/vul nerabi 1 i ti es 

Computers 

/scm/computers 

Computer Groups 

/son/ computer_groups 

Check results 

/scm/check_results 

Exception Results 

/scm/excepti on_resul ts 

Vulnerability Results 

/scm/vul nerabi 1 i ty_resul ts 


Query parameters 


Table 4. Query parameters 


Parameter 

Description 

token 

The API token for the target user. 

ID 

The saved report ID. This parameter is not 
used for input. 


© Copyright IBM Corp. 2012, 2015 
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Table 4. Query parameters (continued) 


Parameter 

Description 

user_i d 

The user ID of the report owner in TEMA. 
This parameter is not used for input. 

pagestate_i d 

The page state ID that is specific to the 
report. This parameter is not used for input. 

name 

The name of the saved report. 

path 

The path that specifies the report (for 
example Overview, Computer Groups, and 
others). 

private 

The value is True for private and False for 
public. 


state 

col umn 

The columns in a saved report. 

col umn_order 

The order of the columns as specified by 
<column name" : <number>. The order of the 
column number starts from the left, with the 
smallest column number. The value of the 
number must be integers, such as 0, 1, 2, 3, 
and so on. 

criteria 

The conditions found in Configure View > 
Filter. 

grid_options 

The Autosize Columns options in Configure 
View. 

autosi ze_col umns 

This parameter is present when Autosize 
Columns is on 

order 

asc 

The parameter that is true for ascending 
order; False for descending order 

col 

The parameter for the column to be sorted. 
The value is null for none. 

time_range 

type 

all 

The parameter for al 1 types 

rel ati ve 

The parameter for the last X 
day/ week/ month/ year 

absol ute 

The parameter for a specific date range 

uni ts 

"days", "weeks", "months", "years” 

val ue 

The value for the last X units 

mi n 

Starting datetime (range) 

max 

Ending datetime (range) 

col umn_widths 

The column widths that are specified by 
<column name> : <width> 
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Create a saved report 

Use Rest API to create a saved report across BigFix Compliance instances. 


Use the POST operation on the api /reports element to create a saved report. 
Table 5. Operation details 


Operation details 

Description 

Operation 

POST/api/reports 

Purpose 

Create a saved report item. 

HTTP method 

POST 

Request content type 

Appl ication/json 

Normal HTTP response codes 

200 OK + JSON data for single saved report 
definition that is created by POST 


Error response codes 

The following list includes the operation details for error response codes. 

500 + "Error: Name is already taken" 

When a duplicate post is made. The report is unique by name, user, and 
report category. 

500 + "Error: The property '#/' did not contain a required property of 
'name' in schema f967028a-a442-59a2-ac38-8b596bcf8d2a#"}" 

When the header is missing content-type: appl ication/json. 

401 Unauthorized + {"error": "There is no match for the provided user name 
and password"} 

When no token is provided. 

404 Not found 

When using unnecessary ID (P0ST/api/reports/<id> 

500 Internal Server Error ('Sorry something went wrong,..') + error in the 
TEMA log 

When the JSON format is invalid. 

401 Unauthorized + {"error":"You are not assigned a Computer Group. You 
will not be able to access the system until you are assigned a valid 
Computer Group. Contact your administrator for assistance."} 

When the token for the user has no computer assigned. 

404 + {"error" : "Sequel : :RecordNotFound"} 

When the ID is invalid. 

404 + {"error" : "Sequel : :RecordNotFound"} 

When accessing the private report of another user. 

500 + {"error" : "There was a problem with your request. "}500 + {"error":"The 
property '#/path' value \"aaa\" did not match the regex ,/ '(/[ / 7]+)+$' in 
schema f967028a-a442-59a2-ac38-8b596bcf8d2a#"} 

When specifying path parameters that do not exist, such as /scm/test, aaa, 
and others. 

500 + {"error" : "The property '#/state/column_order/id' of type String did 
not match the following type: integer in schema afcl0b8d-2caf-50e7-a82e- 
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a083dcl0ee61#"} 

When there is a parameter type mismatch such as previously specifying a 
string for an integer. You must delete then recreate the saved report with 
API, or save the report again from the UI. 

"criteria":{ "and": ["aaa V'bbb"] } 500 + {"error" : "Argument must 

be a Hash, Array, or Criterion"} 

When the criteria specification is invalid. 

Note: When an invalid column is selected, such as columns from a different 
report, the created saved report returns the default columns but without any data, 
or the specified column name is saved but ignored. 


Update a saved report 


Use Rest API to update a saved report across BigFix Compliance instances. 

Use the PUT operation on the api /reports element to update a saved report by ID. 
Table 6. Operation details 


Operation details 

Description 

Operation 

PUT/api /reports 

Purpose 

Update a saved report item. 

HTTP method 

PUT 

Request content type 

Appl ication/json 

Normal HTTP response codes 

200 OK + JSON data for single saved report 
definition that is updated by PUT 


Error HTTP response codes 

The following list includes the operation details for HTTP error response codes. 

500 - "Error: The property '#/' did not contain a required property of 
'name' in schema f967028a-a442-59a2-ac38-8b596bcf8d2a#" 

When the header is missing content-type: appl ication/json. 

500 + {"Error" :"the beforesave hook failed"} 

PUT with non-owner's token. 

401 Unauthorized + {"error": "There is no match for the provided user name 
and password"} 

When no token is provided. 

404 Not Found 

When the ID is missing. 

500 Internal Server Error ('Sorry something went wrong,,.') + error in the 
TEMA log 

When the JSON format is invalid. 

401 Unauthorized + {"error": "You are not assigned a Computer Group. You 
will not be able to access the system until you are assigned a valid 
Computer Group. Contact your administrator for assistance."} 

When the token for the user has no computer assigned. 

404 + {"error" : "Sequel : :RecordNotFound"} 

When the ID (#) is invalid. 
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404 + {"error" :"Sequel : :RecordNotFound"} 

When accessing the private report of another user. 

500 + {"error" : "There was a problem with your request. "}500 + {"error": "The 
property '#/path‘ value \"aaa\" did not match the regex ,/ '(/[ / 7]+)+$' in 
schema f967028a-a442-59a2-ac38-8b596bcf8d2a#"} 

When specifying path parameters that do not exist, such as /scm/test, aaa, 
and others. 

500 + {"error" : "The property '#/state/column_order/id' of type String did 
not match the following type: integer in schema afcl0b8d-2caf-50e7-a82e- 
a083dcl0ee61#"} 

When there is a parameter type mismatch such as previously specifying a 
string for an integer. You must delete then recreate the saved report with 
API, or save the report again from the UI. 

"criteria":{ "and": ["aaa","bbb"] } 500 + {"error" :"Argument must 

be a Hash, Array, or Criterion"} 

When the criteria specification is invalid. 

Note: When an invalid column is selected, such as columns from a different 
report, the created saved report returns the default columns but without any data, 
or the specified column name is saved but ignored. 


Retrieve all saved report items 

Use Rest API to retrieve all saved report items across BigFix Compliances 
instances. 

Use the GET operation on the api /reports element to create a saved report by the 
report ID. 

Table 7. Operation details 


Operation details 

Description 

Operation 

GET/api/reports/<report id> 

Purpose 

Retrieves all saved report items. 

HTTP method 

GET 

Request content type 

Appl ication/json 

Normal HTTP response codes 

200 OK + JSON data (total count + array of 
saved report definitions) 


Error HTTP response codes 

The following list includes the operation details for HTTP error response codes. 

401 Unauthorized + {"error":"You are not assigned a Computer Group. You 
will not be able to access the system until you are assigned a valid 
Computer Group. Contact your administrator for assistance."} 

When the token for the user has no computer assigned. 

401 Unauthorized + {"error": "There is no match for the provided user name 
and password"} 

When no token is provided. 

404 + {"error" :"Sequel : :RecordNotFound"} 

When the ID (#) is invalid. 
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404 + {"error" :"Sequel : : RecordNotFound"} 

When accessing the private report of another user. 

500 + {"error": "There was a problem with your request. "}500 + {"error" :"The 
property '#/path‘ value \"aaa\" did not match the regex ,/ '(/[ / 7]+)+$' in 
schema f967028a-a442-59a2-ac38-8b596bcf8d2a#"} 

When specifying path parameters that do not exist, such as /scm/test, aaa, 
and others. 

500 + {"error": "The property '#/state/column_order/id' of type String did 
not match the following type: integer in schema afcl0b8d-2caf-50e7-a82e- 
a083dcl0ee61#"} 

When there is a parameter type mismatch such as previously specifying a 
string for an integer. You must delete then recreate the saved report with 
API, or save the report again from the UI. 

"criteria":{ "and": ["aaa'V'bbb"] } 500 + {"error" :"Argument must 

be a Hash, Array, or Criterion"} 

When the criteria specification is invalid. 

Note: When an invalid column is selected, such as columns from a different 
report, the created saved report returns the default columns but without any data, 
or the specified column name is saved but ignored. 


Retrieve saved reports by report ID 

Use Rest API to retrieve a saved report by ID across BigFix Compliance instances. 

Use the GET operation on the api /reports element to create a saved report by the 
report ID. 

Table 8. Operation details 


Operation details 

Description 

Operation 

GET/api/reports/<report id> 

Purpose 

Retrieves all saved report items using the 
report ID. 

HTTP method 

GET 

Request content type 

Application/json 

Normal HTTP response codes 

200 OK + JSON data for single saved report 
definition that is specified by ID. 


Error HTTP response codes 

The following list includes the operation details for HTTP error response codes 

401 Unauthorized + {"error": "You are not assigned a Computer Group. You 
will not be able to access the system until you are assigned a valid 
Computer Group. Contact your administrator for assistance."} 

When the token for the user has no computer assigned. 

401 Unauthorized + {"error": "There is no match for the provided user name 
and password"} 

When no token is provided. 

404 + {"error" : "Sequel :: RecordNotFound"} 

When the ID (#) is invalid. 
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404 + {"error" :"Sequel : :RecordNotFound"} 

When accessing the private report of another user. 

500 + {"error" : "There was a problem with your request. "}500 + {"error": "The 
property '#/path‘ value \"aaa\" did not match the regex ,/ '(/[ / 7]+)+$' in 
schema f967028a-a442-59a2-ac38-8b596bcf8d2a#"} 

When specifying path parameters that do not exist, such as /scm/test, aaa, 
and others. 

500 + {"error" : "The property '#/state/column_order/id' of type String did 
not match the following type: integer in schema afcl0b8d-2caf-50e7-a82e- 
a083dcl0ee61#"} 

When there is a parameter type mismatch such as previously specifying a 
string for an integer. You must delete then recreate the saved report with 
API, or save the report again from the UI. 

"criteria":{ "and": ["aaa","bbb"] } 500 + {"error" :"Argument must 

be a Hash, Array, or Criterion"} 

When the criteria specification is invalid. 

Note: When an invalid column is selected, such as columns from a different 
report, the created saved report returns the default columns but without any data, 
or the specified column name is saved but ignored. 


Delete a saved report item by ID 

Use Rest API to update a saved report item by ID across BigFix Compliance 
instances. 

Use the DELETE operation on the api /reports/<i d> element to Delete a saved 
report by id. 

Table 9. Operation details 


Operation details 

Description 

Operation 

DELETE/ api / report s/<i d> 

Purpose 

Deletes a saved report item. 

HTTP method 

DELETE 

Request content type 

Appl ication/json 

Normal HTTP response codes 

204 No Content 


Error HTTP response codes 

The following list includes the operation details for HTTP error response codes. 

403 Forbidden + {"Error" : "Access Blocked"} 

DELETE with the token of the non-owner, even if with administrative 
privilege. 

404 Not Found 

When the ID is missing. 

401 Unauthorized + {"error": "There is no match for the provided user name 
and password"} 

When no token is provided. 

401 Unauthorized + {"error":"You are not assigned a Computer Group. You 
will not be able to access the system until you are assigned a valid 
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Computer Group. Contact your administrator for assistance."} 

When the token for the user has no computer assigned. 

404 + {"error" :"Sequel : : RecordNotFound"} 

When the ID is invalid. 

404 + {"error" :"Sequel :: RecordNotFound"} 

When accessing the private report of another user. 

500 + {"error": "There was a problem with your request. "}500 + {"error":"The 
property '#/path‘ value \"aaa\" did not match the regex ,/ '(/[ / 7] + )+$' in 
schema f967028a-a442-59a2-ac38-8b596bcf8d2a#"} 

When specifying path parameters that do not exist, such as /scm/test, aaa, 
and others. 

500 + {"error": "The property '#/state/column_order/id' of type String did 
not match the following type: integer in schema afcl0b8d-2caf-50e7-a82e- 
a083dcl0ee61#"} 

When there is a parameter type mismatch such as previously specifying a 
string for an integer. You must delete then recreate the saved report with 
API, or save the report again from the UI. 

"criteria":{ "and": ["aaa","bbb"] } 500 + {"error" :"Argument must 

be a Hash, Array, or Criterion"} 

When the criteria specification is invalid. 

Note: When an invalid column is selected, such as columns from a different 
report, the created saved report returns the default columns but without any data, 
or the specified column name is saved but ignored. 
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Chapter 5. Disaster Recovery for BigFix Compliance 

Use the standard cold standby method of creating a backup and restoring the 
system in your disaster recovery plan for BigFix Compliance. 

Similar to the IBM BigFix disaster plan, BigFix Compliance uses a standard 
backup /restore method that is called the Cold Standby method. This method does 
periodic backups of the application server and database files, usually done nightly. 
If there is a problem, the database and application server files can be restored to 
the IBM BigFix Application Server computer or another computer. The system is 
also restored. 


Table 10. Pros and cons of using the cold standby method 


Pros 

Cons 

• Simple and allows for multiple backups 
over time. 

• Does not require any additional hardware. 
Hot or cold standby computer is optional. 

• All information since the last backup is 
lost in the event of a failure. 

• Restoring the system from the backup 
might have significant downtime. 


The disaster recovery plan covers steps for the following procedures: 

1 . Backup procedure 

2. Recovery procedure 

3. Recovery verification procedure 

Creating a backup of the application server 

Create backups of the files and folders that the application server uses. 

Establish a maintenance plan for nightly backups for the TEM_Analytics databases 
using SQL Server Enterprise Manager. Multiple backup copies give greater 
recovery flexibility. Consider backing up to a remote system to allow for higher 
fault tolerance. 

For recovery purposes, create backups of the following files and folders that the 
application server uses: 

• [TEMA Application fol der] \config -- Configuration (FITTPS, Port number, 
database connection information, and others) 

• [TEMA Application folder]\log -- Archived Import, error, and access logs 


Recovering the backup application server 

Restore the backup of your BigFix Compliance application server. 

Procedure 

1 . Install the same version of SQL Server that was previously used in either a 
previous application server computer or a new computer. 

Note: If you used Mixed Mode Authentication on the previous application 
server, you must enable it for your new SQL installation. 
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2. Restore the TEM_Analytics databases from backup. 

3. Install the application server. Use the same version of the application 
installation binary as was previously used. 

4. At the end of installation, skip the launch web configuration step. Instead, go 
to NT Services Manager and stop 'Tivoli Endpoint Manager Analytics' service. 

5. Restore /Replace the backed up configuration and log files and folders. Create 
the directory structure as needed. 

6. Go to NT Services Manager and start the Tivoli Endpoint Manager Analytics 

service. 

Ensure that the new application server computer can access the following 
datasources: BFEnterprise and BESReporting. For NT Auth to access the 
TEM_Analytics and BFEnterprise databases, ensure that the service user has the 
necessary DB/File access rights). 


Verifying the success of the recovery procedure 

Check the historical log and run an import action to verify that the BigFix 
Compliance Application is successfully restored. 

Procedure 

Do the following steps to ensure that the BigFix Application Server is successfully 
restored. 

1 . Go to BigFix Compliance web interface and login with Administrator rights to 
verify that the log in works properly. 

2. Go to Management > Import and verify the historical log shown in the page 
frame. 


38 IBM BigFix Compliance: Compliance User's Guide 



Appendix A. Example Reports 


View examples of the various BigFix Compliance reports. 

The following table lists examples of reports that you can generate in BigFix 
Compliance. 


Table 11. Examples of BigFix Compliance reports 


Name of 
Report 

Location 

Field or Graph 
Names 

Other functions 

Export Format 

Checklist 

List 

From the 
console, click 

Reports > 
Checklists 

Name, 

Compliance 

Save As and 
Schedule 

.CSV and .PDF 

Checklist 

Overview 

From the 
console, click 
Reports > 
Checklists. Click 
any of the 
checklists that 
are displayed. 

Compliance 
History, 
Computers by 
Compliance 
Quartile, Check 
Results History 

Save As, Schedule, 
and Configure 
View. 

.PDF 

Checks List 

From the 
console, click 

Reports > 
Checks 

Name, Desired 

Values, 

Compliance 

Save As, Schedule, 
and Configure 
View. 

.CSV and .PDF, 

Check 

Overview 

From the 
console, click 

Reports > 
Checks 

Compliance 
History, Check 
Results History, 
overall 
compliance 
percentage 

Save As, Schedule, 
and Configure 
View. 

.PDF 

Computers 

List 

From the 
console, click 

Reports > 
Computers 

Computer 
Name, Last 
Seen, 

Vulnerability 
history, and 
Overall 
compliance 

Save As, Schedule, 
and Configure 
View. 

.CSV and PDF 

Computer 

Overview 

From the 
console, click 

Reports > 
Overview 

Compliance 
history, 
Computers by 
Compliance 
Quartile, and 
Check results 
history 

Save As, Schedule, 
and Configure 
View. 

.PDF 

Computer 
Groups List 

From the 
console, click 

Reports > 
Computer 
Groups 

Name, Children 
(subgroups), 
Vulnerability 
history, and 
Compliance in a 
list format 

Save As, Schedule, 
and Configure 
View. 

.CSV and .PDF 
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Table 11. Examples of Big Fix Compliance reports (continued) 


Name of 
Report 

Location 

Field or Graph 
Names 

Other functions 

Export Format 

Computer 

Group 

Overview 

From the 
console, click 
Reports > 
Computer 
Groups. Click 
any computer 
group in the list. 

Compliance 
history, 
computers by 
compliance 
quartile, check 
results history, 
and 

vulnerability 

history 

Save As, Schedule, 
and Configure 
View. 

.PDF 

Check 
Results List 

From the 
console, click 

Reports > 
Check Results 

Checklist, check 
name, computer 
name, the date 
results were last 
seen, and level 
of compliance 

Save As, Schedule, 
and Configure 
View. 

.CSV and .PDF 

Vulnerabilitie 

s Tom the 
console, click 

Reports > 
Vulnerabilities 
or Reports > 
Vulnerability 
Results 

CVE ID and 

Vulnerability 

History 

Save As, Schedule, 
and Configure 
View. 

.CSV and .PDF 


Checklist List Report 

To access the Checklist List Report, click the Reports drop-down menu at the top 
of the console and select Checklists. This report displays data through name and 
compliance percentage fields. Use the links across the top to Save As, Schedule, 
export to .csv or .pdf, and Configure View. 



ISO OVAL for AIX6.I 
ITGI XCCDF for MacOS 10.6.2 
DoD CVSS for SLES 10 



■ 

II 

■ 


200 Checks 
1 3 Computers 

200 Checks 
20 Computers 

200 Checks 
20 Computers 


Checklist Overview Report 

To access the Checklists Overview Report, click the Reports drop-down menu at 
the top of the console and select Checklists. The Checklist Overview Report is a 
drilldown of the Checklists List report. To access this view, click any checklist 
displayed. The Overview presents a graphic representation of compliance history, 
computers by compliance quartile, and check results history with an overall 
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compliance percentage shown in the top left corner of the console. Use the links 
across the top to Save As, Schedule, export to .pdf, and Configure View. 




Compliance History 


Computers by Compliance Quartile 



£ 2.000 
l 



Check Results History 



04/14/2012 04/28/2012 


■ 315 NotAppkcabte 
| 169 Non-Compfant 

0 Excepted (NC) 

■ 0 Excepted (C) 
I 2. 1 1 6 Comptant 


1 3 Computers 


04/14/2012 04/28/2012 


04/14/2012 04/28/2012 


Checks List Report 

To access the Checks List Report, click the Reports dropdown menu at the top of 
the console and select Checks. The Checks List report includes fields name, desired 
values, and compliance. Use the links across the top to Save As, Schedule, export 
to .csv and .pdf, and Configure View. 



Check i 
Check 10 
Check 100 





76 % 

84 % 

91 % 


10 


1 3 Computers 


1 3 Computers 


1 3 Computers 


Check Overview Report 

To access the Checks "Overview" Report, click the Reports dropdown menu at the 
top of the console and select Checks. This report is a drilldown of the Checks "List" 
report. To access this view, click any check in the list. The Checks Overview report 
presents a graphic representation of Compliance and Check Results history with an 
overall compliance percentage shown in the top left corner of the console. Use the 
links across the top to Save As, Schedule, export to .pdf, and Configure View. 
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b Security and Compliance Analytics 

Management 

Check: Check 1 


(Base Report) w Save As... Schedule.. 0 PDF 


^7 6 % Compliant 



Compliance History 



04/ 1 4/20 1 2 04/28/2012 


Check Results History 



04/14/2012 04/28/2012 


0 Not Applicable 
3 Non-Compfant 
0 Excepted (NC) 
0 Excepted (C) 

10 Compliant 


Check Properties 


Desired Values 


Checklist 

Source Release Date 

Firewall value 

ISO OVAL for AIX 6.1 

10/19/2009 

baz 

Category 



File Permission Settings 




Description 


Computers List Report 

To access the Computers List Report, click the Reports drop-down menu at the top 
of the console and select Computers. This report includes fields for computer 
name, last seen, vulnerability history, and overall compliance. Use the links across 
the top to Save As, Schedule, export to .csv or .pdf, and Configure View. 



VSXPSP232-02 

13 days ago 

373 

yo 





VS2K8STD64-02 

13 days ago 

38 

91 * 

VSXPPRO64-02 

13 days ago 

98 

80 * 


1 7 Checklists 
2.434 Checks 

1 5 Checklists 
1.967 Checks 

1 5 Checklists 
2.179 Checks 


Computer Overview Report 

To access the Computer Overview Report, click the Reports drop-down menu at 
the top of the console and select Overview. This report includes a graphic 
representation of your compliance history, check results history, and vulnerability. 
Use the links across the top to Save As, Schedule, export to .pdf, and Configure 
View. 
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b Security and Compliance Analytics 

ri T ... '» Management w Account ▼ Help 

Overview 

(Base Report) ' Save As... Schedule... Q PDF 

(all data) a Configure View... 



Compliance History 


Computers by Compliance Quartile 


Check Results History 


O-MX 2S-49 



| 3.429 Not Apptcabie 
| 1.701 Non-Compfant 
6 Excepted (NC) 
| 69 Excepted (C) 

| 23.195 Comptant 


4 Computer Groups including 
' Computer Group I , Computer Group 2, 
Geographic Area, and Organizational Unit 


1 0 Checklists including ISO OVAL for 
AIX 6. 1 , ITGI XCCDF for MacOS 1 0.6.2, 
and DoD CVSSforSLES 10 


1 00 Computers with OSs including 
Ubuntu 8.04, AIX 5.2, HP-UX 1 1 .22, HP- 
UX 1 1. 1 1, MacOS 10.6.1, and MacOS 
10.6.2 


2,000 Checks in categories including 
Account Management, User Rights 
Assignment Settings, Event Logging / 
Auditing, and File / Directory Access 


Computer Groups List Report 

To access the Computer Groups List Report, click the Reports drop-down menu at 
the top of the console and select Computer Groups. This report includes fields for 
name, sub-groups (children), vulnerability history, and compliance in a list format. 
Use the links across the top to Save As, Schedule, Configure View, or to export the 
report as .csv or .pdf. 



Geographic Area 
Organizational Unit 
Computer Group I 
Computer Group 2 





44 Computers 
48 Computers 
100 Computers 
100 Computers 


Computer Group Overview Report 

To access the Computer Group Overview Report, click the Reports drop-down 
menu at the top of the console and select Computer Groups. This report is a drill 
down of the Computer Groups List Report, and can be accessed by clicking any 
computer group in the list on the initial screen. This graphic representation of 
computer groups shows compliance history, computers by compliance quartile, 
check results history, and vulnerability history. Use the links across the top to Save 
As, Schedule, export to .pdf, or Configure View. 
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1 Computer Group: Geographic Area 

Overview ^ 1 

(Base Report) w Save As... Schedule... D PDF 

(all data) » Configure View... 

93 

-X % Compliant 



Compliance History Computers by Compliance Quartile 


Check Results History 



CM/ 1 4/20 1 2 04/28/2012 



04/14/2012 04/28/2012 


1338 Not AppScaWe 
7 1 5 Non-Compfant 
6 Excepted (NC) 
31 Excepted (C) 
10310 Compfant 



04/14/2012 04/28/2012 04/14/2012 04/28/2012 



Avg. Vulnerable per Computer 


Vulnerability History 



04/14/2012 04/28/2012 


9 Vulnerability Results 

38 Computers subscribed to a vulnerability site 


Check Results List Report 

To access the Check Results List Report, click the Reports drop-down menu at the 
top of the console and select Check Results. This report includes fields for 
checklist, check name, computer name, the date results were last seen, and level of 
compliance. Use the links across the top to Save As, Schedule, Configure View, or 
to export the report as .csv or .pdf. 


b Security and Compliance Analytics 

Reports w | 

Management w 

Account w Help w 

Check Results 

• (Base Report) 

w Save As... 

Schedule... □ CSV 

0 PDF 

28400 rows (all data) » Configure View... 

Checklist 

Check Nome 

M Computer Name 

Last Seen 

Compliance 






04/06/2012 

05/07/20 1 2 

ISO OVAL for AIX 6.1 

Check 1 

Computer 10 

about a m... 

— 

m 

Compliant 

ISO OVAL for AIX 6.1 

Check 1 

Computer 17 

aboutam... 


Compliant 

ISO OVAL for AIX 6.1 

Check 1 

Computer 24 

abouta m... 


Compliant 

ISO OVAL for AIX 6.1 

Check 1 

Computer 35 

aboutam... 

"""itllllllllllllllU 

iiittmiiiitmi ii compliant 


Vulnerabilities Report 

To access the Vulnerabilities Report, click the Reports drop-down menu at the top 
of the console and select either Vulnerabilties or Vulnerability Results. The 
Vulnerabilities Report organizes data through name, CVE ID and Vulnerability 
History fields. 
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By default, the Vulnerabilities list shows vulnerability checks on your deployment 
to which at least one or more computers are vulnerable. To modify how the 
vulnerabilities in your deployment presents, click the Configure View button at the 
top fo the console and use the Filter submenu. Use the links across the top to Save 
As, Schedule, Configure View, or to export the report as .csv or .pdf. 


b Security and Compliance Analytics 


Vulnerabilities 


• (Base Report) 

Name 


Management w Account w Help w 


□ CSV Q PDF 26 rows (filtered) ft Configure View.. 

CVE ID Vulnerability History 

04 / 06/2012 05 / 07/20 1 2 


Active Directory Certificate Services Vulnerability —44— CVE-0000-0034 

Active Directory Certificate Services Vulnerability —59— CVE-0000-0049 

Apple QuickTime FLC Encoded Movie Handling Buffer Overflow... CVE-0000-001 1 
COM+ Memory Structures Process Permits Remote Code Execu... CVE-0000-0006 


1 | 

1 0 
2 

2 


To access the Vulnerability Overview report, click any name in the Vulnerabilities 
List report. This report presents a graphic representation of vulnerability history, as 
well as vulnerability properties, CVSS score metrics, and a description of the 
vulnerability. 


Vulnerability: Active Directory Certificate Services Vulnerability -44— 


(Base Report) w Save As... Schedule... O PDF 


1 

A Vulnerable Computers 


Vulnerability History 



(H/I4/20I2 CM/28/2012 

Vulnerability Properties CVSS Score Metrics 


Source ID 
CVE ID 

CVE-0000-0034 

OVAL Status 

accepted 


Description 


Access Vector network 
Access Complexity high 
Authentication single 
Confidentiality Impact none 
Integrity Impact none 
Availability Impact complete 

CVSS Base Score 4.9 


Software is mildly vulnerable 
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Appendix B. Support 

For more information about this product, see the following resources: 


IBM® Knowledge Center 


IBM Endpoint Manager Support site 

IBM Endpoint Manager wiki 


Knowledge Base 



Forums and Communities 
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Notices 


This information was developed for products and services offered in the U.S.A. 

IBM may not offer the products, services, or features discussed in this document in 
other countries. Consult your local IBM representative for information on the 
products and services currently available in your area. Any reference to an IBM 
product, program, or service is not intended to state or imply that only that IBM 
product, program, or service may be used. Any functionally equivalent product, 
program, or service that does not infringe any IBM intellectual property right may 
be used instead. However, it is the user's responsibility to evaluate and verify the 
operation of any non-IBM product, program, or service. 

IBM may have patents or pending patent applications covering subject matter 
described in this document. The furnishing of this document does not grant you 
any license to these patents. You can send license inquiries, in writing, to: 

IBM Director of Licensing 
IBM Corporation 
North Castle Drive 
Armonk, NY 10504-1785 
U.S.A. 

For license inquiries regarding double-byte character set (DBCS) information, 
contact the IBM Intellectual Property Department in your country or send 
inquiries, in writing, to: 

Intellectual Property Licensing 
Legal and Intellectual Property Law 
IBM Japan Ltd. 

1623-14, Shimotsuruma, Yamato-shi 
Kanagawa 242-8502 Japan 

The following paragraph does not apply to the United Kingdom or any other 
country where such provisions are inconsistent with local law: 

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS 
PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER 
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS 
FOR A PARTICULAR PURPOSE. 

Some states do not allow disclaimer of express or implied warranties in certain 
transactions, therefore, this statement may not apply to you. 

This information could include technical inaccuracies or typographical errors. 
Changes are periodically made to the information herein; these changes will be 
incorporated in new editions of the publication. IBM may make improvements 
and/or changes in the product(s) and/or the program(s) described in this 
publication at any time without notice. 

Any references in this information to non-IBM Web sites are provided for 
convenience only and do not in any manner serve as an endorsement of those Web 
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sites. The materials at those Web sites are not part of the materials for this IBM 
product and use of those Web sites is at your own risk. 

IBM may use or distribute any of the information you supply in any way it 
believes appropriate without incurring any obligation to you. 

Licensees of this program who wish to have information about it for the purpose 
of enabling: (i) the exchange of information between independently created 
programs and other programs (including this one) and (ii) the mutual use of the 
information which has been exchanged, should contact: 

IBM Corporation 
2Z4A/101 
11400 Burnet Road 
Austin, TX 78758 U.S.A. 

Such information may be available, subject to appropriate terms and conditions, 
including in some cases, payment of a fee. 

The licensed program described in this document and all licensed material 
available for it are provided by IBM under terms of the IBM Customer Agreement, 
IBM International Program License Agreement or any equivalent agreement 
between us. 

Any performance data contained herein was determined in a controlled 
environment. Therefore, the results obtained in other operating environments may 
vary significantly. Some measurements may have been made on development-level 
systems and there is no guarantee that these measurements will be the same on 
generally available systems. Furthermore, some measurements may have been 
estimated through extrapolation. Actual results may vary. Users of this document 
should verify the applicable data for their specific environment. 

Information concerning non-IBM products was obtained from the suppliers of 
those products, their published announcements or other publicly available sources. 
IBM has not tested those products and cannot confirm the accuracy of 
performance, compatibility or any other claims related to non-IBM products. 
Questions on the capabilities of non-IBM products should be addressed to the 
suppliers of those products. 

All statements regarding IBM's future direction or intent are subject to change or 
withdrawal without notice, and represent goals and objectives only. 

All IBM prices shown are IBM's suggested retail prices, are current and are subject 
to change without notice. Dealer prices may vary. 

This information is for planning purposes only. The information herein is subject to 
change before the products described become available. 

This information contains examples of data and reports used in daily business 
operations. To illustrate them as completely as possible, the examples include the 
names of individuals, companies, brands, and products. All of these names are 
fictitious and any similarity to the names and addresses used by an actual business 
enterprise is entirely coincidental. 

COPYRIGHT LICENSE: 
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This information contains sample application programs in source language, which 
illustrate programming techniques on various operating platforms. You may copy, 
modify, and distribute these sample programs in any form without payment to 
IBM, for the purposes of developing, using, marketing or distributing application 
programs conforming to the application programming interface for the operating 
platform for which the sample programs are written. These examples have not 
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or 
imply reliability, serviceability, or function of these programs. The sample 
programs are provided "AS IS”, without warranty of any kind. IBM shall not be 
liable for any damages arising out of your use of the sample programs. 

If you are viewing this information softcopy, the photographs and color 
illustrations may not appear. 

Trademarks 

IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of 
International Business Machines Corp., registered in many jurisdictions worldwide. 
Other product and service names might be trademarks of IBM or other companies. 
A current list of IBM trademarks is available on the "Web at Copyright and 
trademark information" at www.ibm.com/legal/copytrade.shtml. 

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered 
trademarks or trademarks of Adobe Systems Incorporated in the United States, 
other countries, or both. 

IT Infrastructure Library is a registered trademark of the Central Computer and 
Telecommunications Agency which is now part of the Office of Government 
Commerce. 

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, 
Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or 
registered trademarks of Intel Corporation or its subsidiaries in the United States 
and other countries. 

Linux is a trademark of Linus Torvalds in the United States, other countries, or 
both. 

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of 
Microsoft Corporation in the United States, other countries, or both. 

ITIL is a registered trademark, and a registered community trademark of The 
Minister for the Cabinet Office, and is registered in the U.S. Patent and Trademark 
Office. 

UNIX is a registered trademark of The Open Group in the United States and other 
countries. 

Java™ and all Java-based trademarks and logos are trademarks or registered 
trademarks of Oracle and/or its affiliates. 

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the 
United States, other countries, or both and is used under license therefrom. 

Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are 
trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries. 
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